How to enable xss in react?

Question

So, I am writing learning app in react, I want simulate xss attack.

The problem is, that react automatically escapes everything for me.

Example:

var htmlString = '<img src="javascript:alert('XSS!')" />';
.
.
.
render() {
    return (
        <div>{htmlString}</div>
    );
}

All is ok, no xss :-)

But I want enable xss, is there any way how to 'do it'?

Possible duplicate of [What does it mean when they say React is XSS protected?](https://stackoverflow.com/questions/33644499/what-does-it-mean-when-they-say-react-is-xss-protected) — XCS, Jan 29 '18 at 22:40

score 2 · Accepted Answer · answered Jan 29 '18 at 22:37

2

answered Jan 29 '18 at 22:37

mu_sa

1 Answers1